2 Replies Latest reply on Apr 25, 2004 10:07 AM by starksm64

jboss authentication

nithila Apr 21, 2004 1:41 PM

Hi all

i am using jboss - UsernamepasswordLoginModule for username and password authentication. I want to know the way to restrict users after 3 bad logins.

if user uses wrong password for three times successively then something should happen like he should not be able to login for next 30 minutes.

It can be done in weblogic, but how to do it in jboss?

thanx in advance.

1. Re: jboss authentication

spiritualmechanic Apr 21, 2004 9:14 PM (in response to nithila)

I think you could create an MBean to keep a list of each user and how many tries they've done.

Then increment the amount on a login attempt. Check the MBean each time the user tries to log in. Keep the timestamp of the initial and/or final try and compare.

Set the MBean on a timer and purge when time difference is > 30 minutes.
Actions
2. Re: jboss authentication

starksm64 Apr 25, 2004 10:07 AM (in response to nithila)

This would be a customization of a jboss login module or your own login module that tracked the attempts.
Actions

Go to original post